REMARKS

This Amendment is being filed in response to the final Official Action on a Request for 
Continued Examination (RCE), and concurrent with a second RCE, for the present application. 
The first Official Action of this RCE continues to reject all of the pending claims, namely Claims 
1-20, under 35 U.S.C. § 102(b) as being anticipated by U.S. Patent No. 6,330,562 to Boden et al. 
As explained below, Applicant respectfully submits that the claimed invention is patentably 
distinct from Boden, and accordingly, traverses the respective objection to the drawings and 
rejection of the claims. Nonetheless, Applicant has amended various ones of the claims to 
further clarify the claimed invention. In view of the amendments to the claims and the remarks 
presented herein, Applicant respectfully requests reconsideration and allowance of all of the 
pending claims of the present application. 

Again, Boden discloses a system and method for managing security objects, including a 
data model for abstracting customer-defined VPN security policy information. As disclosed, 
such a model enables a VPN node (computer system existing in a Virtual Private Network) to 
gather policy configuration information for itself through a GUI or some distributed policy 
source. The VPN node can then store the policy configuration information in a system-defined 
database, and use the information to dynamically negotiate, create, delete, and maintain secure 
connections at the IP level with other VPN nodes. 

A. Claims 1-5 and 11-20 are Patentable 

As currently recited by amended independent Claim 1, for example, a method of creating 
and maintaining a centralized key store includes providing a plurality of security policies to be 
applied to traffic to and/or from a host, each of which includes an application instance identifier 
associated with a security service. As recited, at least two of the application instance identifiers 
are associated with different security services that operate according to different protocols at 
different layers of a multi-layered protocol stack. As also recited, the method further includes 
creating a plurality of security associations. At least two security associations are created based 
upon respective, different security services to thereby create a centralized key store including the 
plurality of security policies and security associations, and at least one of the security 
associations is created according to a key management protocol that differs from the protocols
according to which the security services operate. 

As previously explained, in contrast to amended independent Claim 1, Boden does not 
teach or suggest a centralized key store with security policies, each of which includes an 
application instance identifier associated with a security service, or one or more security 
associations created based upon security service(s) associated with the application instance 
identifier(s). Boden does disclose abstracting information about connections in a VPN 
environment, such as between a system using TCP/IP and a system using IPSec. Boden also 
discloses dynamically generating security policies (IPSec filter rules), such as to accommodate 
dynamically-assigned IP addresses. In no event, however, does Boden disclose applying a 
security service other than IPSec such that the security policies include application instance 
identifiers associated with security services. The claimed invention, on the other hand, recites a 
centralized key store including a plurality of security policies each of which includes an 
application instance identifier associated with a respective security service, at least two of the 
application instance identifiers being associated with different security services that operate 
according to different protocols at different layers of a multi-layered protocol stack. 

In response to the foregoing, the final Official Action alleges that Boden discloses IKE 
and IPSec, and that IKE and IPSec are security services that operate according to different 
protocols at different layers of a multi-layered protocol stack. In addition, the final Official 
Action appears to interpret key management security policies (see FIG. 3, policies 36) and data 
management security policies (see FIG. 3, policies 58) as corresponding to policies associated 
with different security services, namely IKE and IPSec. To the contrary, however, we note that 
IKE is not a security service as is IPSec, but is instead a key management protocol for creating 
security associations for use in implementing IPSec. In this regard, even if one did argue (albeit
incorrectly) that Boden's IKE and IPSec correspond to different security services operable
according to different protocols at different layers, Boden does not teach or suggest creating a 
plurality of security associations, including at least two security associations created based upon 
respective, different security services, and at least one security association created according to a 
key management protocol that differs from the protocols according to which the security services 
operate, as now recited by independent Claim 1. As indicated, even if one did argue that IKE
corresponds to a security service, IKE is a key management protocol for creating security 
associations; and as such, Boden does not teach or suggest creating any security association 
according to a key management protocol (e.g., IKE) that differs from the protocols (allegedly 
IPSec and IKE) according to which the security services operate. 

Applicant therefore respectfully submits that amended independent Claim 1, and by 
dependency Claims 2-5, are patentably distinct from Boden. Applicant also respectfully submits 
that amended independent Claims 11 and 16 recite subject matter similar to that of amended
independent Claim 1, including the aforementioned centralized key store, and application with at 
least one security association created according to a key management protocol that differs from 
the protocols according to which the security services operate. Applicant therefore respectfully 
submits that amended independent Claims 11 and 16, and by dependency Claims 12-15 and 17-20,
are also patentably distinct from Boden for at least the reasons given above with respect to
amended independent Claim 1.

For at least the foregoing reasons, Applicant respectfully submits that the rejection of 
Claims 1-5 and 11-20 as being anticipated by Boden is overcome.

B. Claims 6-10 are Patentable 

Amended independent Claim 6 recites an apparatus including a processor configured to 
provide a plurality of security policies to be applied to traffic to and/or from the apparatus. 
Similar to amended independent Claims 1, 11 and 16, each of the security policies includes an
application instance identifier associated with a security service, and at least two of the 
application instance identifiers are associated with different security services that operate 
according to different protocols at different layers of a multi-layered protocol stack. As also 
recited, the processor is configured to apply security services associated with respective, 
identified application instance identifiers to packets of data, including applying different security 
services to at least two different packets of data, to thereby transform the packets of data. In this 
regard, the processor is configured to apply the security services to the packets based upon a 
plurality of security policies and security associations. The processor, then, is configured to 
relay the transformed packets of data to one or more security gateways configured to apply the
security services associated with the respective, identified application instance identifiers to the 
transformed packets of data to thereby generate representations of the respective packets of data. 

As indicated above and previously explained, Boden does not teach or suggest a 
centralized key store with security policies, each of which includes an application instance 
identifier associated with a security service, or one or more security associations created based 
upon security service(s) associated with the application instance identifier(s), as recited by 
amended independent Claim 1 and similarly independent Claim 6. Again noting that the Official 
Action appears to interpret IKE and IPSec to correspond to the recited security services, even 
considering this interpretation, Boden still does not teach or suggest applying different security 
services to at least two different packets of data based upon security policies and security 
associations to thereby transform the packets of data. As indicated above, even if IKE were 
generally interpreted as a security service, IKE is not applied to any packet of data based upon 
any security policy and security association to transform the packet. Rather, IKE is a key 
management protocol for creating security associations for use in implementing IPSec. 

For at least the foregoing reasons, as well as those presented above with respect to 
amended independent Claim 1, Applicant respectfully submits that amended independent Claim 
6, and by dependency Claims 7-10, is also patentably distinct from Boden. And as such, 
Applicant respectfully submits that the rejection of Claims 6-10 as being anticipated by Boden is 
overcome. 

CONCLUSION

In view of the amendments to the claims and the remarks presented above, Applicant 
respectfully submits that the present application is in condition for allowance. As such, the 
issuance of a Notice of Allowance is therefore respectfully requested. In order to expedite the 
examination of the present application, the Examiner is encouraged to contact Applicant's 
undersigned attorney in order to resolve any remaining issues. 

It is not believed that extensions of time or fees for net addition of claims are required, 
beyond those that may otherwise be provided for in documents accompanying this paper. 
However, in the event that additional extensions of time are necessary to allow consideration of 
this paper, such extensions are hereby petitioned under 37 CFR § 1.136(a), and any fee required 
therefore (including fees for net addition of claims) is hereby authorized to be charged to Deposit 
Account No. 16-0605. 



Respectfully submitted, 